Line 41: |
Line 41: |
| _spf.hostname TXT "v=spf1 ip4:IPv4_of_hostname/mask ip6:IPv6_of_hostname/mask a:hostname.sugarlabs.org mx:hostname.sugarlabs.org ~all" | | _spf.hostname TXT "v=spf1 ip4:IPv4_of_hostname/mask ip6:IPv6_of_hostname/mask a:hostname.sugarlabs.org mx:hostname.sugarlabs.org ~all" |
| | | |
− | The a and mx values are authorized mail server by domain name and authorized server by domain MX record, the MX record should also be defined | + | The '''a''' and '''mx''' values are authorized mail server by domain name and authorized server by domain MX record, the MX record should also be defined |
| for hostname. | | for hostname. |
| | | |
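Review bot: The sentence under the SPF record is still hard to parse after the bolding ("are authorized mail server by domain name and authorized server by domain MX record"). Suggest rewording it to say that '''a''' authorizes the addresses hostname.sugarlabs.org resolves to and '''mx''' authorizes the hosts named in its MX records, which is why the MX record has to exist. A short remark that the record ends in ~all (softfail, not reject) would also help readers who copy it.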
Line 52: |
Line 52: |
| To test DKIM, send an email to autorespond+dkim@dk.elandsys.com | | To test DKIM, send an email to autorespond+dkim@dk.elandsys.com |
| | | |
| + | |
| + | To generate an ed25519 key to use for DKIM, you can use openssl |
| + | |
| + | # Generate ed25519 key |
| + | $ openssl genpkey -algorithm ed25519 -out dkim_private.pem |
| + | # Generate public key from private key |
| + | $ openssl pkey -in dkim_private.pem -pubout -out dkim_public.pem |
| + | |
| + | For ed25519 keys, the p value in the DKIM record must only contain the BASE64 encoded public key, without an ASN.1 structure |
| + | |
| + | $ openssl asn1parse -in dkim_public.pem -offset 12 -noout -out /dev/stdout | openssl base64 |
| + | VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo= |
| + | |
| + | Your entry would look like this |
| + | |
| + | selector1._domainkey.hostname TXT "v=DKIM1; g=*; k=ed25519; p=VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo=" |
| + | _adsp._domainkey.hostname TXT "dkim=unknown" |
| + | |
| + | When using an ed25519 key, you'll need to add a fallback RSA key for backward compatibility. |
| + | |
| + | # Generate rsa key |
| + | $ openssl genrsa -out rsa_private.key 2048 |
| + | # Generate public key from private key |
| + | $ openssl rsa -in rsa_private.key -pubout -outform der 2>/dev/null | openssl base64 -A |
| + | |
| + | You can then add a KeyTable and SigningTable to your opendkim.conf |
| + | |
| + | KeyTable refile:/etc/opendkim/KeyTable |
| + | SigningTable refile:/etc/opendkim/SigningTable |
| + | |
| + | # Contents of KeyTable with both keys |
| + | selector1._domainkey.hostname.sugarlabs.org hostname.domain-name:selector1:/path/to/selector1/private/*.key |
| + | selector2._domainkey.hostname.sugarlabs.org hostname.domain-name:selector2:/path/to/selector2/private/*.key |
| + | |
| + | # Contents of SigningTable |
| + | *@hostname.domain-name selector1._domainkey.hostname.sugarlabs.org |
| + | *@hostname.domain-name selector2._domainkey.hostname.sugarlabs.org |
| + | |
| + | Then add a DKIM record for the second selector |
| + | |
| + | w-mail._domainkey.weblate IN TXT ("v=DKIM1; h=sha256; k=rsa; p="*") |
| + | |
| + | The value of p is the public key of the generated RSA key above. |
| + | |
| + | Ensure your private keys are on hostname. |
| + | |
| + | == Set up == |
| + | |
| + | === Thunderbird === |
| + | |
| + | These are the settings for setting up SMTP with Thunderbird. Note that you use your LDAP username and password, and that the username __'''does not'''__ have "@sugarlabs.org" at the end. |
| + | |
| + | {|class=wikitable |
| + | ! Server name !! Port !! Connection security !! Authentication method !! User name |
| + | |- |
| + | | smtp.sugarlabs.org || 587 || STARTTLS || Normal Password || your LDAP username -- AND WITHOUT @SUGARLABS.ORG AT THE END! |
| + | |} |
| + | |
| + | Example: |
| + | |
| + | [[File:Screenshot from 2024-06-13 22-45-20.png|thumb|left|example of smtp set up in thunderbird ]] |
| | | |
| == See also == | | == See also == |
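Review bot: The record added under "Then add a DKIM record for the second selector" does not match the rest of the section. It is published as w-mail._domainkey.weblate with p="*", while the KeyTable and SigningTable above it use selector2 on hostname, so a verifier looking up selector2._domainkey.hostname would find no key. Suggest writing it as selector2._domainkey.hostname with a clearly marked placeholder for p and without the stray quotes and asterisk. The sample p= value in the ed25519 record is 48 base64 characters (35 bytes), but a raw Ed25519 public key is 32 bytes (44 characters), so it should be labelled as a placeholder or replaced with real command output. The KeyTable paths (/path/to/selectorN/private/*.key) do not correspond to the files the commands create (dkim_private.pem, rsa_private.key), and the domain field switches between hostname.sugarlabs.org and hostname.domain-name; each entry should name the one key file for that selector. With two SigningTable lines for the same pattern, OpenDKIM applies only the first match unless MultipleSignatures is enabled in opendkim.conf, so that setting belongs next to the KeyTable and SigningTable lines or the RSA fallback signature is never added. g=* was dropped from the DKIM key record in RFC 6376 and ADSP (the _adsp record) has been moved to Historic, so both can be left out of the new example. "Ensure your private keys are on hostname" should also say the key files must be readable only by the opendkim user.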